The router sitting in the corner of your office or study is an incredibly complex piece of hardware. While it may have cost as little as $50, it controls the flow of data in, out and around your network over wired and wireless connections. With that complexity, there comes a need to ensure you have everything tweaked so that it's secure. Here are the essential steps you need to take to make sure your home or small office network is safe to use.
Change the admin password
Whenever you set up a new router, make sure you change the default administrator password.
Many new routers and mesh networking systems prompt you to do this when you set them up. If that's not the case, go into the router's settings, either with a web browser or using the device's mobile app, and update the default administrator password.
While you're there, also change the default administrator username if you can.
There are many different settings you can tinker with when it comes to wireless. These are the key settings in my view. The trick is to make your network secure without making it so complex that it's hard to manage.
Wireless security: Set the encryption type to WPA2 and use a strong password so that you don't get any unwanted visitors connecting.
MAC address filtering: Every device that can connect to an ethernet network (ethernet is a set of standards that apply to both wired and wireless connections) has a unique identifier called a MAC address. Many routers let you create a white list so only authorised devices can connect. For most homes and small offices, that's overkill and creates more work if someone brings a new device into the network as you'll have to add it to the list of authorised devices. While it may make you a little more secure, I'm not convinced it's worth the extra effort.
Hiding your SSID: Your SSID is the name given to your wireless network. It's possible to make that name invisible so when people scan for wireless networks, they can't see yours listed. The value of hiding your SSID for security is limited as even a lowly-skilled attacker can find it as the SSID isn't encrypted when a device joins a network. And, like MAC address filtering, it adds extra complexity for a negligible benefit.
Guest networks: Modern routers let you create multiple wireless networks by using their different radios. That means you can create a main network that gives users with the right network password access to all the devices you connect such as printers, storage devices and security cameras. The guest network allows people to connect but are segregated from those resources so all they get is internet access. I recommend keeping the guest network disabled unless you need it and only activating it with a strong password.
Keep your firmware up to date
A router is basically a specialised computer with multiple network connections. And, like any computer, it relies on software.
Most routers will automatically check for firmware updates and many will install them without any intervention during scheduled times. For example, you can have your router check for updates every week and perform updates at 2AM on Sunday.
Turn off remote administration
Many routers disable remote administration (also known as remote management or enable web access from WAN) by default. Remote administration gives access to your router's control panel from outside your home network — so you can see why that would be a problem. Find the setting and ensure it's disabled.
This article has been updated since its original publication.